/**
 * Copyright 2018 asiainfo Inc.
 **/
package com.myz.app.shiro.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * 满足其中一个角色即可
 *
 * @author maoyz on 2018/6/19
 * @version: v1.0
 */
public class RolesOrFilter extends AuthorizationFilter {

  @Override
  protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
    Subject subject = getSubject(request, response);
    String[] roles = (String[]) mappedValue;

    if (roles == null || roles.length == 0) {
      return true;
    }

    for (String role : roles) {
      if (subject.hasRole(role)) {
        return true;
      }
    }
    return false;
  }
}
